peering requirements (Re: DDOS anecdotes)
Paul A Vixie
vixie at mfnx.net
Tue Jun 26 19:30:06 UTC 2001
> But please don't forget that in this particular DDoS event
> there was no IP spoofing.
>
> So anti-spoofing precautions, either on administrative or technical
> level, would be useless in this case.
>
> And this case is not so untypical.
that doesn't matter to me. i, and people i'm various close to, am attacked
several times daily. sometimes in a hard way, sometimes in a soft way, but
almost always using spoofed addresses. tracking these hop by hop using mac
addresses at exchange points only works if the stream is steady. it's not.
> my .002$
i was not basing my recommendation for a general peering agreement upgrade
on any specific attack. it's the pattern of attacks over the last decade
that's got me bugged. any angry teenager with a $300 openbsd machine can
bring down any part of the internet they're angry at. with impunity.
More information about the NANOG
mailing list